diff --git a/htdocs/actioncomm.class.php b/htdocs/actioncomm.class.php
index cd05b7fae40..95d5da987a1 100644
--- a/htdocs/actioncomm.class.php
+++ b/htdocs/actioncomm.class.php
@@ -671,7 +671,7 @@ class ActionComm
$resql=$this->db->query($sql);
if ($resql)
{
- // Note: Output of sql request is encoded in $conf->character_set_client
+ // Note: Output of sql request is encoded in $conf->file->character_set_client
while ($obj=$this->db->fetch_object($resql))
{
$qualified=true;
diff --git a/htdocs/lib/functions2.lib.php b/htdocs/lib/functions2.lib.php
index d0c2310a0e4..eceb1a46230 100644
--- a/htdocs/lib/functions2.lib.php
+++ b/htdocs/lib/functions2.lib.php
@@ -45,8 +45,8 @@ function dol_print_file($langs,$filename,$searchalt=0)
{
$content=file_get_contents($htmlfile);
$isutf8=utf8_check($content);
- if (! $isutf8 && $conf->character_set_client == 'UTF-8') print utf8_encode($content);
- elseif ($isutf8 && $conf->character_set_client == 'ISO-8859-1') print utf8_decode($content);
+ if (! $isutf8 && $conf->file->character_set_client == 'UTF-8') print utf8_encode($content);
+ elseif ($isutf8 && $conf->file->character_set_client == 'ISO-8859-1') print utf8_decode($content);
else print $content;
return true;
}
@@ -62,8 +62,8 @@ function dol_print_file($langs,$filename,$searchalt=0)
{
$content=file_get_contents($htmlfilealt);
$isutf8=utf8_check($content);
- if (! $isutf8 && $conf->character_set_client == 'UTF-8') print utf8_encode($content);
- elseif ($isutf8 && $conf->character_set_client == 'ISO-8859-1') print utf8_decode($content);
+ if (! $isutf8 && $conf->file->character_set_client == 'UTF-8') print utf8_encode($content);
+ elseif ($isutf8 && $conf->file->character_set_client == 'ISO-8859-1') print utf8_decode($content);
else print $content;
return true;
}
diff --git a/htdocs/main.inc.php b/htdocs/main.inc.php
index ce9ea2bc9a2..20ac3dc93bb 100644
--- a/htdocs/main.inc.php
+++ b/htdocs/main.inc.php
@@ -112,17 +112,18 @@ analyse_sql_injection($_POST);
// This is to make Dolibarr working with Plesk
set_include_path($_SERVER['DOCUMENT_ROOT'].'/htdocs');
-// Retrieve the entity in login form, and after in the cookie
-$entityCookieName = "DOLENTITYID_dolibarr";
-if (isset($_POST["entity"])) $_SESSION["dol_entity"] = $_POST["entity"];
-if (isset($_COOKIE[$entityCookieName])) $_SESSION["dol_entity"] = $_COOKIE[$entityCookieName];
+// Retrieve the entity in login form, and after in the cookie
+// Removed: The session has not been initialized yet so using SESSION is forbidden here
+//$entityCookieName = "DOLENTITYID_dolibarr";
+//if (isset($_POST["entity"])) $_SESSION["dol_entity"] = $_POST["entity"];
+//if (isset($_COOKIE[$entityCookieName])) $_SESSION["dol_entity"] = $_COOKIE[$entityCookieName];
// Set and init common variables
-// This include will set $conf, $langs and $mysoc objects
+// This include will set: $conf, $langs and $mysoc objects
require_once("master.inc.php");
// Check if HTTPS
-if ($conf->main_force_https)
+if ($conf->file->main_force_https)
{
if (! empty($_SERVER["SCRIPT_URI"])) // If SCRIPT_URI supported by server
{
@@ -130,7 +131,7 @@ if ($conf->main_force_https)
{
$newurl=eregi_replace('^http:','https:',$_SERVER["SCRIPT_URI"]);
- dol_syslog("dolibarr_main_force_https is on, we make a redirect to ".$newurl,LOG_DEBUG);
+ dol_syslog("dolibarr_main_force_https is on, we make a redirect to ".$newurl);
header("Location: ".$newurl);
exit;
}
@@ -146,7 +147,7 @@ if ($conf->main_force_https)
$newurl='https://'.$domaineport.$_SERVER["REQUEST_URI"];
//print 'eee'.$newurl; exit;
- dol_syslog("dolibarr_main_force_https is on, we make a redirect to ".$newurl,LOG_DEBUG);
+ dol_syslog("dolibarr_main_force_https is on, we make a redirect to ".$newurl);
header("Location: ".$newurl);
exit;
}
@@ -166,27 +167,20 @@ if (! empty($conf->global->MAIN_SESSION_TIMEOUT)) ini_set('session.gc_maxlifetim
session_name($sessionname);
session_start();
dol_syslog("Start session name=".$sessionname." Session id()=".session_id().", _SESSION['dol_login']=".(isset($_SESSION["dol_login"])?$_SESSION["dol_login"]:'').", ".ini_get("session.gc_maxlifetime"));
-/*
-// Retrieve the entity in login form and in the cookie.
+
+// Retrieve the entity in login form or in the cookie.
// This must be after the init of session (session_start) or this create serious pb of corrupted session.
-$entityCookieName = "DOLENTITYID_dolibarr";
-if (isset($_POST["loginfunction"]) && isset($_POST["entity"]))
+/*
+ $entityCookieName = "DOLENTITYID_dolibarr";
+if ((isset($_POST["loginfunction"]) && isset($_POST["entity"])) || isset($_COOKIE[$entityCookieName]))
{
- $_SESSION["dol_entity"] = $_POST["entity"];
+ $_SESSION["dol_entity"] = isset($_POST["entity"])?$_POST["entity"]:$_COOKIE[$entityCookieName];
$conf->entity=$_SESSION["dol_entity"];
- dol_syslog("Will work on entity ".$conf->entity);
+ dol_syslog("We work on entity ".$conf->entity);
// Now we need to reload the conf with the choosed entity
- $conf->setValues($db);
-}
-elseif (isset($_COOKIE[$entityCookieName]))
-{
- $_SESSION["dol_entity"] = $_COOKIE[$entityCookieName];
- $conf->entity=$_SESSION["dol_entity"];
- dol_syslog("Will work on entity ".$conf->entity);
- // Now we need to reload the conf with the choosed entity
- $conf->setValues($db);
}
*/
+
// Disable modules (this must be after session_start and after conf has been reloaded)
if (! empty($_REQUEST["disablemodules"])) $_SESSION["disablemodules"]=$_REQUEST["disablemodules"];
if (! empty($_SESSION["disablemodules"]))
@@ -198,8 +192,9 @@ if (! empty($_SESSION["disablemodules"]))
}
}
+
/*
- * Phase identification
+ * Phase authentication / login
*/
// $authmode contient la liste des differents modes d'identification a tester par ordre de preference.
@@ -396,7 +391,7 @@ else
// Appel des triggers
include_once(DOL_DOCUMENT_ROOT . "/interfaces.class.php");
$interface=new Interfaces($db);
- $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,$_POST["entity"]);
+ $result=$interface->run_triggers('USER_LOGIN_FAILED',$user,$user,$langs,$conf,(isset($_POST["entity"])?$_POST["entity"]:0));
if ($result < 0) { $error++; }
// Fin appel triggers
@@ -413,6 +408,7 @@ if (! isset($_SESSION["dol_login"]))
// New session for this login
$_SESSION["dol_login"]=$user->login;
$_SESSION["dol_authmode"]=$conf->authmode;
+ if ($conf->multicompany->enabled) $_SESSION["dol_entity"]=$conf->entity;
dol_syslog("This is a new started user session. _SESSION['dol_login']=".$_SESSION["dol_login"].' Session id='.session_id());
$db->begin();
@@ -439,6 +435,7 @@ if (! isset($_SESSION["dol_login"]))
}
// Create entity cookie
+ // TODO Remove this as it is a security hole
if ($conf->multicompany->enabled && isset($_POST["entity"]))
{
$entity = $_POST["entity"];
@@ -615,7 +612,6 @@ if (defined("MAIN_NOT_INSTALLED"))
// On charge les fichiers lang principaux
-// TODO Optimisation a faire ici
$langs->load("main");
$langs->load("dict");
@@ -626,6 +622,10 @@ $user->getrights();
$bc[0]="class=\"impair\"";
$bc[1]="class=\"pair\"";
+// Sert uniquement dans module telephonie
+$yesno[0]="no";
+$yesno[1]="yes";
+
// Constantes utilisees pour definir le nombre de lignes des textarea
if (! eregi("firefox",$_SERVER["HTTP_USER_AGENT"]))
{
@@ -668,7 +668,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
if (empty($conf->css)) $conf->css ='/theme/eldy/eldy.css.php';
//header("Content-type: text/html; charset=UTF-8");
- header("Content-type: text/html; charset=".$conf->character_set_client);
+ header("Content-type: text/html; charset=".$conf->file->character_set_client);
print '';
//print '';
@@ -678,7 +678,7 @@ function top_htmlhead($head, $title='', $disablejs=0, $disablehead=0, $arrayofjs
{
print "\n";
- print "\n";
+ print "\n";
// Affiche meta
print ''."\n"; // Evite indexation par robots
@@ -848,6 +848,7 @@ function top_menu($head, $title='', $target='')
$htmltext.='
'.$langs->trans("Type").': '.($user->societe_id?$langs->trans("External"):$langs->trans("Internal"));
$htmltext.='
';
$htmltext.='
'.$langs->trans("Connection").'';
+ if ($conf->global->MAIN_MODULE_MULTICOMPANY) $htmltext.='
'.$langs->trans("ConnectedOnMultiCompany").': '.$conf->entity.' (user entity '.$user->entity.')';
$htmltext.='
'.$langs->trans("ConnectedSince").': '.dol_print_date($user->datelastlogin,"dayhour");
$htmltext.='
'.$langs->trans("PreviousConnexion").': '.dol_print_date($user->datepreviouslogin,"dayhour");
$htmltext.='
'.$langs->trans("AuthenticationMode").': '.$_SESSION["dol_authmode"];
diff --git a/htdocs/master.inc.php b/htdocs/master.inc.php
index b4459bb5c24..7696e84ae06 100644
--- a/htdocs/master.inc.php
+++ b/htdocs/master.inc.php
@@ -114,10 +114,6 @@ require_once(DOL_DOCUMENT_ROOT."/core/conf.class.php");
$conf = new Conf();
-// Retrieve the entity
-// Removed: The session has not been initialized yet so using SESSION is forbidden here
-if (isset($_SESSION["dol_entity"])) $conf->entity = $_SESSION["dol_entity"];
-
// Identifiant propres au serveur base de donnee
$conf->db->host = $dolibarr_main_db_host;
if (empty($dolibarr_main_db_port)) $dolibarr_main_db_port=0; // Pour compatibilite avec anciennes configs, si non defini, on prend 'mysql'
@@ -134,22 +130,22 @@ $conf->db->prefix = $dolibarr_main_db_prefix;
if (empty($dolibarr_main_db_collation)) $dolibarr_main_db_collation='latin1_swedish_ci';
$conf->db->dolibarr_main_db_collation=$dolibarr_main_db_collation;
// Identifiant autres
-$conf->main_authentication = empty($dolibarr_main_authentication)?'':$dolibarr_main_authentication;
+$conf->file->main_authentication = empty($dolibarr_main_authentication)?'':$dolibarr_main_authentication;
// Force https
-$conf->main_force_https = empty($dolibarr_main_force_https)?'':$dolibarr_main_force_https;
+$conf->file->main_force_https = empty($dolibarr_main_force_https)?'':$dolibarr_main_force_https;
// Define charset for HTML Output (can set hidden value force_charset in conf.php file)
if (empty($force_charset_do_notuse)) $force_charset_do_notuse='UTF-8';
-$conf->character_set_client=strtoupper($force_charset_do_notuse);
+$conf->file->character_set_client=strtoupper($force_charset_do_notuse);
// Define array of document root directories
-$conf->dol_document_root=array(DOL_DOCUMENT_ROOT);
+$conf->file->dol_document_root=array(DOL_DOCUMENT_ROOT);
if (! empty($dolibarr_main_document_root_alt))
{
// dolibarr_main_document_root_alt contains several directories
$values=split(';',$dolibarr_main_document_root_alt);
foreach($values as $value)
{
- $conf->dol_document_root[]=$value;
+ $conf->file->dol_document_root[]=$value;
}
}
@@ -191,9 +187,9 @@ if (! defined('NOREQUIREDB'))
exit;
}
}
-// Now database connexion is known we can forget password
-//$dolibarr_main_db_pass=''; // Comment this because pass is used in a lot of pages
-$conf->db->pass=''; // This is to avoir password to be shown in dump
+// Now database connexion is known, so we can forget password
+//$dolibarr_main_db_pass=''; // Comment this because this constant is used in a lot of pages
+$conf->db->pass=''; // This is to avoid password to be shown in dump
/*
* Creation objet $user
@@ -204,56 +200,43 @@ if (! defined('NOREQUIREUSER'))
}
/*
- * Chargement objet $conf
+ * Load object $conf
* After this, all parameters conf->global->CONSTANTS are loaded
*/
if (! defined('NOREQUIREDB'))
{
+ $entityCookieName="DOLENTITYID_dolibarr";
+ // Retrieve the entity
+ if (isset($_POST["loginfunction"]) && isset($_POST["entity"])) // Just after a login page
+ {
+ $conf->entity = $_POST["entity"];
+ }
+ else if (isset($_COOKIE[$entityCookieName])) // Inside a browser navigation
+ {
+ // TODO See to remove this later as it is a security hole
+ $conf->entity = $_COOKIE[$entityCookieName];
+ }
+ elseif (session_id() && isset($_SESSION["dol_entity"])) // Inside an opened session
+ {
+ // TODO This is not used for the moment as session is started after for the moment
+ $conf->entity = $_SESSION["dol_entity"];
+ }
+ elseif (isset($_ENV["dol_entity"])) // If inside a CLI script
+ {
+ $conf->entity = $_ENV["dol_entity"];
+ }
$conf->setValues($db);
}
/*
- * Set default language (must be after the setValues of $conf)
+ * Creation objet $mysoc
+ * Objet Societe qui contient carac de l'institution gérée par Dolibarr.
*/
-if (! defined('NOREQUIRETRAN'))
-{
- $langs->setDefaultLang($conf->global->MAIN_LANG_DEFAULT);
- $langs->setPhpLang();
-}
-
-/*
- * Pour utiliser d'autres versions des librairies externes que les
- * versions embarquées dans Dolibarr, définir les constantes adequates:
- * Pour FPDF: FPDF_PATH
- * Pour PHP_WriteExcel: PHP_WRITEEXCEL_PATH
- * Pour MagpieRss: MAGPIERSS_PATH
- * Pour PHPlot: PHPLOT_PATH
- * Pour JPGraph: JPGRAPH_PATH
- * Pour NuSOAP: NUSOAP_PATH
- * Pour TCPDF: TCPDF_PATH
- */
-// Les path racines
-if (! defined('FPDF_PATH')) { define('FPDF_PATH', DOL_DOCUMENT_ROOT .'/includes/fpdf/fpdf/'); }
-if (! defined('FPDFI_PATH')) { define('FPDFI_PATH', DOL_DOCUMENT_ROOT .'/includes/fpdf/fpdfi/'); }
-if (! defined('MAGPIERSS_PATH')) { define('MAGPIERSS_PATH', DOL_DOCUMENT_ROOT .'/includes/magpierss/'); }
-if (! defined('JPGRAPH_PATH')) { define('JPGRAPH_PATH', DOL_DOCUMENT_ROOT .'/includes/jpgraph/'); }
-if (! defined('NUSOAP_PATH')) { define('NUSOAP_PATH', DOL_DOCUMENT_ROOT .'/includes/nusoap/lib/'); }
-if (! defined('PHP_WRITEEXCEL_PATH')) { define('PHP_WRITEEXCEL_PATH',DOL_DOCUMENT_ROOT .'/includes/php_writeexcel/'); }
-if (! defined('PHPEXCELREADER')) { define('PHPEXCELREADER', DOL_DOCUMENT_ROOT .'/includes/phpexcelreader/'); }
-// Les autres path
-if (! defined('FPDF_FONTPATH')) { define('FPDF_FONTPATH', FPDF_PATH . 'font/'); }
-if (! defined('MAGPIE_DIR')) { define('MAGPIE_DIR', MAGPIERSS_PATH); }
-if (! defined('MAGPIE_CACHE_DIR')) { define('MAGPIE_CACHE_DIR', $conf->externalrss->dir_temp); }
-
-
-
-/*
- * Creation objet mysoc
- * Objet Societe qui contient carac de l'institution géré par Dolibarr.
- */
-if (! defined('NOREQUIRESOC'))
+if (! defined('NOREQUIREDB') && ! defined('NOREQUIRESOC'))
{
+ require_once(DOL_DOCUMENT_ROOT ."/societe.class.php");
$mysoc=new Societe($db);
+
$mysoc->id=0;
$mysoc->nom=$conf->global->MAIN_INFO_SOCIETE_NOM;
$mysoc->adresse=$conf->global->MAIN_INFO_SOCIETE_ADRESSE;
@@ -304,10 +287,40 @@ if (! defined('NOREQUIRESOC'))
$mysoc->logo_mini=$conf->global->MAIN_INFO_SOCIETE_LOGO_MINI;
}
-// Sert uniquement dans module telephonie
-$yesno[0]="no";
-$yesno[1]="yes";
-if ( ! defined('MAIN_LABEL_MENTION_NPR') ) define('MAIN_LABEL_MENTION_NPR','NPR');
+/*
+ * Set default language (must be after the setValues of $conf)
+ */
+if (! defined('NOREQUIRETRAN'))
+{
+ $langs->setDefaultLang($conf->global->MAIN_LANG_DEFAULT);
+ $langs->setPhpLang();
+}
+/*
+ * Pour utiliser d'autres versions des librairies externes que les
+ * versions embarquées dans Dolibarr, définir les constantes adequates:
+ * Pour FPDF: FPDF_PATH
+ * Pour PHP_WriteExcel: PHP_WRITEEXCEL_PATH
+ * Pour MagpieRss: MAGPIERSS_PATH
+ * Pour PHPlot: PHPLOT_PATH
+ * Pour JPGraph: JPGRAPH_PATH
+ * Pour NuSOAP: NUSOAP_PATH
+ * Pour TCPDF: TCPDF_PATH
+ */
+// Les path racines
+if (! defined('FPDF_PATH')) { define('FPDF_PATH', DOL_DOCUMENT_ROOT .'/includes/fpdf/fpdf/'); }
+if (! defined('FPDFI_PATH')) { define('FPDFI_PATH', DOL_DOCUMENT_ROOT .'/includes/fpdf/fpdfi/'); }
+if (! defined('MAGPIERSS_PATH')) { define('MAGPIERSS_PATH', DOL_DOCUMENT_ROOT .'/includes/magpierss/'); }
+if (! defined('JPGRAPH_PATH')) { define('JPGRAPH_PATH', DOL_DOCUMENT_ROOT .'/includes/jpgraph/'); }
+if (! defined('NUSOAP_PATH')) { define('NUSOAP_PATH', DOL_DOCUMENT_ROOT .'/includes/nusoap/lib/'); }
+if (! defined('PHP_WRITEEXCEL_PATH')) { define('PHP_WRITEEXCEL_PATH',DOL_DOCUMENT_ROOT .'/includes/php_writeexcel/'); }
+if (! defined('PHPEXCELREADER')) { define('PHPEXCELREADER', DOL_DOCUMENT_ROOT .'/includes/phpexcelreader/'); }
+// Les autres path
+if (! defined('FPDF_FONTPATH')) { define('FPDF_FONTPATH', FPDF_PATH . 'font/'); }
+if (! defined('MAGPIE_DIR')) { define('MAGPIE_DIR', MAGPIERSS_PATH); }
+if (! defined('MAGPIE_CACHE_DIR')) { define('MAGPIE_CACHE_DIR', $conf->externalrss->dir_temp); }
+
+
+if (! defined('MAIN_LABEL_MENTION_NPR') ) define('MAIN_LABEL_MENTION_NPR','NPR');
?>
diff --git a/htdocs/translate.class.php b/htdocs/translate.class.php
index 91a553a5078..baa25f1a39b 100644
--- a/htdocs/translate.class.php
+++ b/htdocs/translate.class.php
@@ -54,12 +54,12 @@ class Translate {
function Translate($dir = "",$conf)
{
// If charset output is forced
- if (! empty($conf->character_set_client))
+ if (! empty($conf->file->character_set_client))
{
- $this->charset_output=$conf->character_set_client;
+ $this->charset_output=$conf->file->character_set_client;
}
if ($dir) $this->dir=array($dir);
- else $this->dir=$conf->dol_document_root;
+ else $this->dir=$conf->file->dol_document_root;
}
@@ -356,7 +356,7 @@ class Translate {
$newstr=ereg_replace('<','__lt__',$str);
$newstr=ereg_replace('>','__gt__',$newstr);
$newstr=ereg_replace('"','__quot__',$newstr);
-
+
$newstr=$this->convToOutputCharset($newstr); // Convert string to $this->charset_output
// Cryptage en html de la chaine
@@ -470,7 +470,7 @@ class Translate {
/**
- * \brief Convert a string into output charset (this->charset_output that should be defined to conf->character_set_client)
+ * \brief Convert a string into output charset (this->charset_output that should be defined to conf->file->character_set_client)
* \param str String to convert
* \param pagecodefrom Page code of src string
* \return string Converted string
diff --git a/htdocs/viewimage.php b/htdocs/viewimage.php
index 23aa9959251..7c6428ef57f 100644
--- a/htdocs/viewimage.php
+++ b/htdocs/viewimage.php
@@ -336,7 +336,7 @@ if ($modulepart == 'barcode')
$readable=$_GET["readable"]?$_GET["readable"]:"Y";
// Output files with barcode generators
- foreach ($conf->dol_document_root as $dirroot)
+ foreach ($conf->file->dol_document_root as $dirroot)
{
$dir=$dirroot . "/includes/modules/barcode/";
$result=@include_once($dir.$generator.".modules.php");